Authentifier Apache vers IMAP

Authentifier Apache vers IMAP

Pour avoir une DB user unique, je suis parti sur ma source d’utilisateur et dans mon cas c’est postfixadmin pour les mails.
Du coup; je me suis amusé à écrire un petit bout perl qui permet à apache de s’auth vers un serveur IMAP.

  • Installer les dépendances 
    apt-get install libnet-imap-simple-ssl-perl
apt-get install libunix-syslog-perl
apt-get install libapache2-mod-authnz-external
  • Protéger les pages Xymon avec l’auth IMAP 
     cat /etc/apache2/conf-enabled/xymon.conf
DefineExternalAuth dovecotpw pipe /etc/apache2/auth/dovecotpw.pl

ScriptAlias /xymon-cgi "/usr/lib/xymon/cgi-bin"
Directory "/usr/lib/xymon/cgi-bin"
    AllowOverride None
    Options ExecCGI Includes

    

        AuthType Basic
        AuthName "Xymon Administration"
        Require valid-user
        AuthBasicProvider external
        AuthExternal dovecotpw
  • Ensuite le code perl 
     cat /etc/apache2/auth/dovecotpw.pl

#!/usr/bin/perl
use strict;
use warnings;
use Unix::Syslog qw(:macros :subs);
use Net::IMAP::Simple::SSL;

my $VERSION = '1.0';

my $server = 'imap.distran.org';
my $port = 993;
my $use_ssl = 1;

syslog LOG_INFO,"imap-auth: waiting for packet";
chomp(my $user = );
chomp(my $password = );
my $result;
#print "checking [$user] and [$password]\n";
syslog(LOG_INFO,"imap-auth: request ('auth', \"$user\", '****')");

# successful authentication
if (is_valid($user, $password)){
      	$result = 0;
       	syslog(LOG_INFO,"imap-auth: -> +OK");
} else {
         $result = 1;
}

closelog;
exit $result;

sub is_valid
{
	my ($user, $password) = @_;
	my $is_valid = 0;

	# Create the object
	my $imap = Net::IMAP::Simple->new($server,
		(
			port => $port,
			use_ssl => $use_ssl
		) ) ||

	die "Unable to connect to IMAP: $Net::IMAP::Simple::errstr\n";

	$imap->starttls;
     	if ( $imap->login("$user", $password) ) {
		$is_valid = 1;
       	         syslog(LOG_INFO,"imap-auth: -> +OK imap server says you're cool. Welcome.");
	} else {
       	         syslog(LOG_INFO,"imap-auth: -> -ERR imap server has a problem with you: $! $_ $/ " . $imap->errstr);
	}

	$imap->quit;

	return ($is_valid);
}
  • Check des logs 
     tail /var/log/syslog

Nov 24 13:01:05 xymon-server01 perl: imap-auth: waiting for packet
Nov 24 13:01:05 xymon-server01 perl: imap-auth: request ('auth', "user@domain.com", '****')
Nov 24 13:01:05 xymon-server01 perl: imap-auth: -> +OK imap server says you're cool. Welcome.
Nov 24 13:01:05 xymon-server01 perl: imap-auth: -> +OK
  • Si le serveur IMAP est local sur la meme machine 
     cat /etc/apache2/auth/dovecotpw.sh
#!/bin/bash
read DCUSER
read DCPASS
/usr/bin/doveadm auth ${DCUSER} ${DCPASS}
exit $?

    • Leave a Reply

    Your email address will not be published. Required fields are marked *


    + one = 10